How Indian financial outfits have been facing numerous cyber attacks from Pakistan

Sugata Ghosh | ET Bureau | August 31, 2015, 08:46 IST

A month before Pakistan's ceasefire violation on the eve of Independence Day, a silent battle was raging in Mumbai's financial district.

Two large private banks, a retail brokerage and a state-owned lender faced a cyber attack from hackers across the border that seriously slowed down all online customer transactions.

In the world of cybercrime, such attacks, which could be mistaken as normal traffic overload on the Net, are known as "distributed denial of service", or DDOS.

Spread across the world, hackers, either sympathetic to lost causes or indulging in the game of extortion, virtually 'take over' thousands of computers in diverse locations before unleashing a DDOS strike.

As the hacked computers start behaving as robots, or a 'botnet' in cyber parlance, the hackers direct traffic from these terminals to clog the systems of targets like banks and even e-commerce firms.

A bank that is invaded may be unaware of the attack and even take a while to sense that customers are struggling to put through a simple net banking fund transfer or credit card payment.

The July Attack

On that day in July, it was no different. The financial institutions received an advisory on the DDOS attack from the government's Computer Emergency Response Team (CERT). There were also alerts that more attacks could follow over the next few hours, said a cybercrime expert.

Speaking to ET on condition of anonymity, one of the senior-most officials in the government's cyber security establishment said, "There was an attack but this was effectively countered. Often these things are done with the intention to blackmail... But we have the systems to handle it. There have been finance ministry and RBI instructions to banks for taking necessary measures to protect against DDOS strikes."

According to the cyber security head of one of the largest Indian banks, since April there have been several advisories on DDOS from government agencies like CERT and the National Critical Information Infrastructure Protection Centre.

"In a DDOS attack, if a bank can block the bogus traffic diverted by a hacker for the first 15 minutes, then the attacker typically moves away to a weaker target. But if an institution is unable to resist, then the attacker may demand ransom. Rogue hackers in places like Nigeria and East Europe want to be paid in Bitcoin. Since Bitcoin is based on what is known as block-chain technology, fund transfers leave no trail."
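As an added illustration of the botnet mechanism described earlier and of the "block the bogus traffic" defence the banker refers to (example code, not from the article or any bank): a small Python detector run over constructed access-log lines, which separates a botnet flood (many sources each hammering one endpoint) from legitimate overload (many sources at human rates) and produces a block list. The addresses, paths and thresholds are constructed values.

```python
"""Detect a volumetric DDoS against a net-banking endpoint from access logs.

Constructed sample (common-log style): bot hosts, the botnet the article
describes, each repeat one request far faster than a human; real customers
make a few requests each. Thresholds and addresses are assumptions.
"""
from collections import Counter
from datetime import datetime, timedelta

LOG_TS = "%d/%b/%Y:%H:%M:%S"

# Constructed log lines: timestamp, source IP, method, request path.
SAMPLE_LOG = (
    # three requests from two genuine customers
    "10/Jul/2015:09:00:01 203.0.113.10 GET /netbanking/transfer\n"
    "10/Jul/2015:09:00:05 203.0.113.11 GET /netbanking/login\n"
    "10/Jul/2015:09:00:09 203.0.113.10 POST /netbanking/transfer\n"
    # bots: 40 hosts in 198.51.100.0/24, 6 identical requests each in 60 s
    + "".join(
        f"10/Jul/2015:09:00:{s:02d} 198.51.100.{h} GET /netbanking/login\n"
        for h in range(1, 41) for s in range(0, 60, 10)
    )
)

def parse(log):
    """Yield (timestamp, source_ip, path) for each log line."""
    for line in log.splitlines():
        ts, ip, _method, path = line.split()
        yield datetime.strptime(ts, LOG_TS), ip, path

def analyse(log, window=timedelta(seconds=60), per_host_limit=5, min_hosts=20):
    """Count requests per source in the first window and flag bot-like sources.

    A flash crowd (legitimate overload) is many sources at human rates; a
    botnet is many sources each above per_host_limit. Only the latter is
    reported as an attack, with a block list of the offending sources.
    """
    events = sorted(parse(log))
    start = events[0][0]
    per_host = Counter(ip for ts, ip, _ in events if ts - start < window)
    bots = sorted(ip for ip, n in per_host.items() if n > per_host_limit)
    return {"total_sources": len(per_host),
            "suspect_sources": bots,
            "attack": len(bots) >= min_hosts}

if __name__ == "__main__":
    r = analyse(SAMPLE_LOG)
    print("attack detected" if r["attack"] else "normal load",
          f"({len(r['suspect_sources'])} of {r['total_sources']} sources flagged)")
```

The block list is what an ISP or anti-DDOS appliance would be fed during the first minutes of the flood; a real deployment would compare against a learned baseline rather than fixed thresholds.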

Safety Measures

As a precaution, no bank, to begin with, should depend on a single Internet service provider (ISP), he said.

"Besides, banks are beginning to invest in anti-DDOS high-end appliances. Some are carrying out mock drills to test the technology. Here, a flood of traffic is diverted to banks' own websites to figure out whether the ISP and banks' internal cyber-security teams are adequately alert," said the banker who refused to be named.

Until a hack attack is obvious, companies in India typically keep such incidents under wraps, as regulators do not insist on mandatory reporting of security breaches. Some of the US-listed Indian entities are even more reticent: since a cyber attack is rarely disclosed for fear that it could scare away customers, it becomes more difficult to admit the breach later.

In a DDOS attack, including the current one, there is no data compromise or cash theft. "The timing of the event suggests that it could be the handiwork of some of the Pakistani hackers who may be located in the US and Europe. Typically, they are active before big festivals or in the run-up to Independence Day or Republic Day. They have a specific point to prove," said an ethical hacker, who advises several companies and agencies on cyber security.

Types Of Hackers

According to him, there are three broad types of hackers, differentiated by motive. First, the financially motivated cyber criminals, who are usually from Eastern Europe and are interested in stealing credit card information or engaging in identity theft. They are highly organized, infect thousands of systems across the globe in order to achieve their objectives, and even 'rent' access to an infected computer for an hourly fee for conducting DDOS.

The second type are hacktivists, or politically motivated hackers, whose sole interest is in furthering a political agenda by defacing a site or bringing a site down through DDOS attacks. Pakistani hackers fall into this category.

The third and the most serious type are nation state attackers involved in corporate espionage. They gain access to competing companies in order to steal business strategy and intellectual property. Chinese hackers are well-known for this.